General

  • Target

    2024-05-24_a2cb2666a65fc58db7fc32914fb9b69d_bkransomware

  • Size

    7.3MB

  • Sample

    240524-wj3tvaed47

  • MD5

    a2cb2666a65fc58db7fc32914fb9b69d

  • SHA1

    ca021083c020ad92bc98fbb57ea4b7ae9f3f5585

  • SHA256

    f3dd518a5b39a4eff2c8f1e1b87582c1352aa09ba50038673cb6503f09dde4bb

  • SHA512

    a46236f6bf9cc4bbd3dbdc130e20935e534cb2fd540bff0b79008451d545944ddd7469ac466294439dabae8ae2ce9b370fa6478264f2252bd6992a7d53d3dee1

  • SSDEEP

    196608:na6ktxC0ZWnd6WcF0DGi7m9orub/cXRbD466h2ZF:a6kt0d6WcCDGYmWruQJD564F

Malware Config

Targets

    • Target

      2024-05-24_a2cb2666a65fc58db7fc32914fb9b69d_bkransomware

    • Size

      7.3MB

    • MD5

      a2cb2666a65fc58db7fc32914fb9b69d

    • SHA1

      ca021083c020ad92bc98fbb57ea4b7ae9f3f5585

    • SHA256

      f3dd518a5b39a4eff2c8f1e1b87582c1352aa09ba50038673cb6503f09dde4bb

    • SHA512

      a46236f6bf9cc4bbd3dbdc130e20935e534cb2fd540bff0b79008451d545944ddd7469ac466294439dabae8ae2ce9b370fa6478264f2252bd6992a7d53d3dee1

    • SSDEEP

      196608:na6ktxC0ZWnd6WcF0DGi7m9orub/cXRbD466h2ZF:a6kt0d6WcCDGYmWruQJD564F

    • Detects executables containing URLs to raw contents of a Github gist

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Collection

Data from Local System

1
T1005

Tasks